Russian Cyber Attack Threat to Global Banking System

FS_Russian_Hackers_2.jpg

A security firm is warning that a group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the US and elsewhere.

The group's preparations have included new malware and registering domain names that are similar to those of the intended targets and were recently discovered by some analysts from the security firm Root9B.
The group has been active since at least 2007 and is known by various names including APT28 and Pawn Storm. Several security vendors believe it operates out of Russia and has possible ties to that country's intelligence agencies.
The group's primary malware tool is a backdoor program called Sednit or Sofacy that it delivers to victims through spear-phishing emails or drive-by downloads launched from compromised websites.
The Root9B analysts came across a phishing domain at the end of April that was similar to that of a Middle Eastern financial institution, according to a report published recently. When they dug deeper they uncovered new Sofacy malware samples and servers and domains that were being set up by the group for an upcoming operation.
The company has alerted the financial institutions, as well as international and US authorities. It's not clear if the attacks have started yet, but the Root9B analysts believe that when they do, they will likely include spear-phishing.
The company released hashes for the new malware samples it has identified and the IP address of a command-and-control server set up by the attackers, so that companies can block them on their networks.

Based on the evidence they've seen, the Root9B analysts believe that there might be two subgroups within APT28: One that targets military and government organizations and one that targets financial institutions and banks. Of course, the attackers might now decide to delay the operation in order to change their infrastructure and targets. So, financial institutions should remain vigilant and should examine all email messages for possible spear-phishing attempts.


Computerworld

 

« Google Says Self-Driving Cars Drive Better Than You
Fast Growing Companies Use CIOs Technology Strategy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

Greylock Partners

Greylock Partners

Greylock Partners is a leading venture capital firm based in Silicon Valley. We invest in all sectors of enterprise software technology including applications, cloud/SaaS, networking and security.

Cysiv

Cysiv

Cysiv SOC-as-a-Service combines all the elements of an advanced, proactive, threat hunting SOC, with a managed security stack for hybrid cloud, network, and endpoint security.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Lunio

Lunio

Lunio makes the internet a safer and more reliable place for everyone trying to grow their business by automatically getting rid of fake clicks, traffic, and leads on all ad platforms.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.